Enter Password For The Encrypted File Setup Forge 2006 Keygen =LINK=
KeePass is a free open source password manager, which helps you to manageyour passwords in a secure way. You can store all your passwords in onedatabase, which is locked with a master key. So you only have to remember onesingle master key to unlock the whole database. Database files are encryptedusing the best and most secure encryption algorithms currently known(AES-256, ChaCha20 and Twofish).For more information, see the features page.
Enter Password For The Encrypted File Setup Forge 2006 Keygen
This will save the public key in /.ssh/id_rsa.pub and the privatekey in /.ssh/id_rsa, if you don't specify another location. As apassword, you would type nothing (just enter) if you wish BackupPC tostart automatically; alternatively, you could set a password on theprivate key as stored in the file system, and use an agent as describedbelow to store the private key without password only in memory.
This will save the public key in /.ssh2/id_rsa_1024_a.pub and theprivate key in /.ssh2/id_rsa_1024_a. As a password, you wouldtype nothing (just enter) if you wish BackupPC to start automatically;alternatively, you could set a password on the private key as storedin the file system, and use an agent as described below to store theprivate key without password only in memory.
When you create your keys with ssh-keygen or ssh-keygen2 youare prompted for a password. If you would type nothing, the filesystem version of the keys is not protected with a password, whichmakes their security quite fragile. An agent is a better idea.
Unix/Linux, for example, uses a well-known hash via its crypt() function. Passwords are stored in the /etc/passwd file (Figure 8A); each record in the file contains the username, hashed password, user's individual and group numbers, user's name, home directory, and shell program; these fields are separated by colons (:). Note that each password is stored as a 13-byte string. The first two characters are actually a salt, randomness added to each password so that if two users have the same password, they will still be encrypted differently; the salt, in fact, provides a means so that a single password might have 4096 different encryptions. The remaining 11 bytes are the password hash, calculated using DES.
When a user creates a TrueCrypt volume, a number of parameters need to be defined, such as the size of the volume and the password. To access the volume, the TrueCrypt program is employed to find the TrueCrypt encrypted file, which is then mounted as a new drive on the host system.
To access the hidden volume, the file is mounted as shown above and the user enters the hidden volume's password. When under duress, the user would merely enter the password of the standard (i.e., non-hidden) TrueCrypt volume.
Gmail on Home Linux Box using Postfix and FetchmailDo you have a Gmail account? Then, you'll want to read this step by step tutorialfor configuring and installing the latest version of Postfix with SASL authentication and TLS encryption necessary for connecting and relaying Gmail to smtp.gmail.com. Plus, I'll walk you through configuring fetchmail (with STARTTLS), which will grab (fetch) Gmail to your local system. But it does not stop there. You'll learn how to forward mail to othercomputers you have in the house, plus how to automatically backup copies of email. Quick BackgroundPostfix is a mail server,or MTA (Mail Transfer Agent). It accepts messages and delivers them. In contrast, fetchmail is a remote-mailretrieval system, providing home users like you (and me), who don't have corporate accounts, the ability to pull down mail from an ISP, or in this case Gmail, to our local Linux box. All examples are doneand tested with the fake domain name "squeezel", which is my 4 year olds word for the concatenationof "squeeze" and "wheezel" (weasel). You should choose a unique, fake, domain name, or one that you do notanticipate going to on the Internet.Safety First: fetchmail with STARTTLS and sslcertck, Postfix with smtp_tls_per_site It is very important to setup fetchmail withsome type of encryption. Otherwise, your Gmail password will be broadcast over the Internetevery time the fetchmail daemon tries to pickup mail, which could be every 90 seconds. Fetchmailshould also perform strict certificate checking with sslcertck to prevent man-in-the-middle attacks. Likewise, Postfix should be configured with strict certificate checking with smtp_tls_per_site, before establishing an encrypted connection tosmtp.gmail.com. With both fetchmail and Postfix, it is not enough to establish an encrypted connection,you must also perform strict certificate checking to prevent man-in-the-middle attacks. Getting Postfix Source: Latest Version, More Toys1. Downloading Postfix SourceGet the latest version of Postfix. As of this writing, the latest version is 2.2.10,which was released on April 4, 2006. You can find out what version you havewith the following command: $ postconf mail_version mail_version = 2.2.10From the Postfix Home Page download thelatest version. NcFTP is a popular alternativeto ftp. If you don't have it, ftp or wget will do. This example is done with postfix-2.2.10 - Again, check for updates. $ ncftpget -2.2.10.tar.gz $ ncftpget -2.2.10.tar.gz.sig $ ncftpget , import the pgp key. $ gpg --import wietse.pgp gpg: key C12BCD99: public key "Wietse Venema " imported gpg: key D5327CB9: public key "wietse venema " imported gpg: Total number processed: 2 gpg: imported: 2 (RSA: 2)Verify that the source is valid $ gpg --verify postfix-2.2.10.tar.gz.sig postfix-2.2.10.tar.gzExtract the files: $ tar -xzf postfix-2.2.10.tar.gz2. Compiling Postfix with TLS and SASL supportSince you're connecting to Google's Gmail, you'll need to compile Postfix with TLS (for encryption) and SASL (for authentication). 2.1 First Upgrade OpenSSL and SASLSpecial note: some older versions of Red Hat 8,9.0 may not have an updatedversion of openssl. Check to see what version you have with the following command. But, you probably doNOT want to move to the 0.9.8n versions. Instead, stick with 0.9.7i. However,the Fedora Core 5 distribution seems work fine with 0.9.8a. $ openssl version OpenSSL 0.9.7i 14 Oct 2005If you need to upgrade openssl, find out where the current "openssl" directory is located. The default settings for openssl put it in "/usr/local/ssl", but Red Hat and Fedora users will find it in "/usr/share/ssl". Since my computers are Red Hat 9.0 and Fedora Core 2 and 3, I'll put the executable in "/usr/bin/openssl" and the related directories in "/usr/share/ssl". Therefore, I'll compile it with the following settings: $ ./config --prefix=/usr --openssldir=/usr/share/ssl $ make $ make test $ make install2.2 Upgrading Cyrus SASL You may have authentication problems without the latest upgrade. I had the following error in my "/var/log/maillog" with the default Fedora 3 install; however, the cyrus-sasl package from source fixed the problem. Authentication failed: cannot SASL authenticate to server smtp.gmail.com[188.8.131.52]: no mechanism availableYou can get the latest "cyrus-sasl" package from " -mail/". Yes, that was"http://" in front of the "ftp.andrew...". It is no longer an ftp site. Make sure you search for the latest package. As of this writing, the following is the latest. $ wget -mail/cyrus-sasl-2.1.21.tar.gz $ wget -mail/cyrus-sasl-2.1.21.tar.gz.sig $ gpg --verify cyrus-sasl-2.1.21.tar.gz.sig cyrus-sasl-2.1.21.tar.gz $ tar -xzf cyrus-sasl-2.1.21.tar.gz $ cd cyrus-sasl-2.1.21 $ ./configure $ make $ make install $ ln -s /usr/local/lib/sasl2 /usr/lib/sasl2Again, you will probably want to upgrade these two packages, as they provide new tools for creating certificates. Also, some older versions may cause problems when Postfix is compiled, since there is an outdated "ssh.h" file.When compiling with gcc (GCC) 4.0.1 20050727 on Fedora Core 4, you may notice the following error:client.c:64: error: static declaration of 'global_callbacks' follows non-static declarationsaslint.h:112: error: previous declaration of 'global_callbacks' was hereThis can be corrected by commenting out the offending line (saslint.h, line 122).GCC 4.0.1 performs advanced checking, exposing problems likethis in the source. /* extern sasl_global_callbacks_t global_callbacks; */2.3 Add Postfix User (postfix) and Group (postdrop) So at this stage you've upgraded openssl and sasl, correct? If you have authentication failures,then, upgrade those packages. I had problems with Fedora Core 3 "RPM" installs, so I had to upgrade.Next, you will add "postfix" as a user. Normally, you don't want this user to have ahome directory ("-M"), or login capability ("-s /sbin/nologin"), so these two commands canbe used: # useradd -M -s /sbin/nologin postfix # groupadd postdrop2.4 Make Options You do not need to add "postfix" to the group "postdrop"; it lives alone.Now you are ready to run make. If you need to re-run make, you should issue the"make tidy" command to clean up the old files. Choose "Option 1" if you don't have MySQL. Postfix can work with MySQL tables,so it may be something you want to try later, after you get Gmail working. To Clean Up Everything if Needed $ make tidy Option 1: TLS and SASL2. You need at least this for Gmail. $ make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" \ AUXLIBS="-lssl -lcrypto -lsasl2" Option 2: TLS SASL2 and MySQL. $ make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DHAS_MYSQL -I/usr/local/include/mysql" \ AUXLIBS="-lssl -lcrypto -L/usr/local/lib/mysql -lmysqlclient -lz -lm -lsasl2" Or, if MySQL libs are in "/usr/lib/mysql", then, something like the following. $ make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DHAS_MYSQL -I/usr/include/mysql" \ AUXLIBS="-lssl -lcrypto -L/usr/lib/mysql -lmysqlclient -lz -lm -lsasl2" $ make $ make install Special Note: Reference SASL_README if you have problems running make. Option 1 worked for FC4 and FC5. Also, the -DUSE_CYRUS_SASL option is needed to prevent the following problem: "warning: unsupported SASL server implementation: cyrus". Reference the RELEASE_NOTES. If you get the following error: /usr/lib/libdb.so: undefined reference to `pthread_condattr_setpshared' /usr/lib/libdb.so: undefined reference to `pthread_mutexattr_destroy' /usr/lib/libdb.so: undefined reference to `pthread_mutexattr_setpshared' /usr/lib/libdb.so: undefined reference to `pthread_mutexattr_init' /usr/lib/libdb.so: undefined reference to `pthread_mutex_trylock' Add -lpthread to the make configuration. $ make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -I/usr/include/sasl" \ AUXLIBS="-lssl -lcrypto -lsasl2 -lpthread" 2.5 Install QuestionsAfter the "make install", you will be asked questions on where to place files. Unless you need to do otherwise, take the defaults. This will make it easy to follow the directions later.There are questions prompted when running make install Warning: if you use this script to install Postfix locally, this script will replace existing sendmail or Postfix programs. Make backups if you want to be able to recover. Before installing files, this script prompts you for some definitions. Most definitions will be remembered, so you have to specify them only once. All definitions should have a reasonable default value. Please specify the prefix for installed file names. Specify this ONLY if you are building ready-to-install packages for distribution to other machines. install_root: [/] Please specify a directory for scratch files while installing Postfix. You must have write permission in this directory. tempdir: [/home/src/postfix/postfix-2.2.10] Please specify the final destination directory for installed Postfix configuration files. config_directory: [/etc/postfix] ... [SNIP] ... pages. You can no longer specify "no" here. manpage_directory: [/usr/local/man] Please specify the destination directory for the Postfix README files. Specify "no" if you do not want to install these files. readme_directory: [no] 2.6 What Libraries are Linked in?Once you are done, as a check to see if ssl has been compiledinto postfix, you can "ldd" the "postfix" file as follows, which will show linked libraries. $ ldd /usr/sbin/postfix linux-gate.so.1 => (0x00b83000) libssl.so.6 => /lib/libssl.so.6 (0x00375000) libcrypto.so.6 => /lib/libcrypto.so.6 (0x00190000) libmysqlclient.so.15 => /usr/lib/mysql/libmysqlclient.so.15 (0x003bc000) libz.so.1 => /usr/lib/libz.so.1 (0x00d03000) libm.so.6 => /lib/libm.so.6 (0x00cd6000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00639000) libpcre.so.0 => /lib/libpcre.so.0 (0x00756000) libdb-4.3.so => /lib/libdb-4.3.so (0x04576000) libnsl.so.1 => /lib/libnsl.so.1 (0x00101000) libresolv.so.2 => /lib/libresolv.so.2 (0x00118000) libc.so.6 => /lib/libc.so.6 (0x00ba1000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x002c7000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x002e8000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x0012d000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00169000) libdl.so.2 => /lib/libdl.so.2 (0x00cfd000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x039c3000) /lib/ld-linux.so.2 (0x00b84000) libpthread.so.0 => /lib/libpthread.so.0 (0x00d5a000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x002e2000)The second line with "libssl.so" shows that I have "ssl", or the Secure Sockets Layer installed,which is needed for TLS. This is for encryption. By the way, if you take a look at rfc2246, you'll get a history of how TLS evolved from SSL.Also a fewlines further down note the entry "libsasl2.so.2", which is the Simple Authentication and Security Layer. In my version, did I choose MySQL? The best way to tell is with the "postconf -m" option. But, yes, you can see "libmysqlclient", "libz" and "libm" linked in, which goes with the MySQL install.2.7 Accessible Shared LibrariesBy the way, if you get odd MySQL errors during the "make install", and your mysql librarieslive in "/usr/local/lib/mysql", you may need to add an entry in your "/etc/ld.so.conf"file to include "/usr/local/lib/mysql" as follows: $ cat /etc/ld.so.conf ... /usr/local/lib/mysqlAfter adding this line, you must run the "ldconfig" command, then all those odd mysql librarieswill be found. It's a good technique if you install a lot of software from source. $ ldconfigAt this stage there are still some postfix configuration settings. We'll get back to them, butfirst, it makes sense to generate the certificates.3. Generating CertificatesAgain, before getting started, make sure you have the latest version of openssl. As of this writing, this is the latest version. See the steps above if you decide to upgrade. But, it's strongly suggestedthat you stay with the 0.9.7 line at this time, unless your distribution has moved 0.9.8. For example, Fedora Core 5uses (OpenSSL 0.9.8a 11 Oct 2005), which seems to work fine. $ openssl version OpenSSL 0.9.7i 14 Oct 20053.1 Creating Your Own CAYou can get signed certificates from Thawte and VeriSign, but you don't haveto for your home system. Instead, you will become your own "Cerificate Authority",and sign your own SSL certs.Below is the command to create your own CA. Hit return for the first prompt to create theCA. It will then prompt you for a password, and prompt to confirm. Remember the password.Also, it's important that the "Organization Name" matches when you create the "server"certificate. I show my answers in bold, so you can see how they will matchwhen creating and signing certificates. $ /usr/local/ssl/misc/CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .......++++++ ...................++++++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: password123 Verifying - Enter PEM pass phrase: password123 ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:US State or Province Name (full name) [Pennsylvania]:Pennsylvania Locality Name (eg, city) :Elkins Park Organization Name (eg, company) :Chirico_Widgets ...If, after doing the above command, you find that you want to extendthe key (say you didn't change the "default_days = 3650", or you did and wantto change it back), you can issue the following commands: $ openssl x509 -in demoCA/cacert.pem -days 1024 -out cacert.pem -signkey demoCA/private/cakey.pem $ cp cacert.pem demoCAOr, you could hard code values in "/usr/openssl.cnf", if you find that you're doing this over and overfor testing. However, as you can see from the above command, it is easy enough to change the values.3.2 Generate the Server CertificateThis is the server cert request that will be signed by the CAAuthority. Note, below that the "-nodes" option is used so that thecertificate will not require a pass phrase each time the securedaemon is started. I have also added my fake domain name"squeezel.squeezel.com". $ openssl req -new -nodes \ -subj '/CN=squeezel.squeezel.com/O=Chirico_Widgets/C=US/ST=Pennsylvania/L=Elkins Park/emailAddressfirstname.lastname@example.org' \ -keyout FOO-key.pem -out FOO-req.pem -days 3650Note above that "/0=Chirico_Widgets" must match the name given in the the origional CA.For example, "/0=Widgets co." will not work. It must be exact.3.3 Sign the Server CertificateThe following steps will sign the certificate. $ openssl ca -out FOO-cert.pem -infiles FOO-req.pem3.4 Copy Signed Certificates to /etc/postfix/certsThe next step copies over all the required certificates to wherePostfix can find them. In addition, the correct rights are enforcedon each file. $ cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix $ chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem $ chmod 400 /etc/postfix/FOO-key.pemIf you need to generate additional certificates, say you have several servers, this isdescribed in (section 4.12.2).4. Configuring Postfix The file "/etc/postfix/main.cf" and "/etc/postfix/master.cf" are the two basicPostfix configuration files.Postfix configuration is particular to the hostname of your computer. You can have a fake hostname, like "squeezel.squeezel.com". Pick a name and set it up as follows. (You can actually use "squeezel.squeezel.com" if you want, since it's not a real domain name, though you might want to use something more descriptive. The point is that it doesn't have to be registered to you, but does have to be unique.) 4.1 Configure the HostnameThe computer that these examples are taken from is "squeezel.squeezel.com", and itexists on IP address 192.168.1.81. The short name is just squeezel. Another computer,on IP address "192.168.1.155" is "tape.squeezel.com". /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 192.168.1.81 squeezel.squeezel.com squeezel 192.168.1.155 tape.squeezel.com tapeYou may also want to edit "/etc/sysconfig/network" and add or check the following. HOSTNAME=squeezel.squeezel.comFinally, to put all changes into effect now, run the following command with root privileges. $ hostname squeezel.squeezel.comSome of the settings in the postfix "main.cf" file de